Are you afraid of Hackers? Do you lie restless at night thinking of what might happen if they got into your bank account, facebook profile, or e-mail. Perhaps you’re also worried about that they might hack into a forum you visit, or that they might get into your personal messages on whatsapp.
It’s true that hackers are able to do all of these things, but the public perception of hackers really isn’t quite justified, and this false perception can lead to terrible outcomes.
Take last weeks post about the hacktivist group Anonymous. In it I expanded on the public fear of anonymous and how that didn’t correspond to the actual damage that the group causes. Sometimes all Anonymous does is a DDOS on a public website, that still takes some skill, but far removed from actually infiltrating a server. Yet, most people wouldn’t be able to differentiate a DDOS attack of a website to a compromise of an actual server, and this inability leads then to disproportionately fear hackers, worse still it leads them to lump all security related incidences into a single bucket called “hacked by hackers”.
Why are people so afraid of hackers? And why is there a huge discrepancy between what some of these hackers are actually doing and the fear that the average citizen has of them.
I have one theory–ignorance, or more specially tech-illiteracy.
Tech-illiterate (most Malaysians are)
It’s the reason why, the single most visited post on this blog is “How to change your Unifi Wifi Password”. To most techies, that’s like writing a post on how to open your car door, it’s really hard for geeks to imagine that people don’t know how to do it.
But If I tweak up the difficulty level just a notch, like write a post on “How to perform port-mapping on your Unifi router”, the number of visits drops by a factor of 10!!
I’m not blogging moghul, but I’m confident that the 200 visits a day from people trying to change WiFi passwords are from technically illiterate folks, and those folks make the majority of Malaysia.
It’s just like Magic
Everyday millions of Malaysians turn on their smart-phones and laptops, without having even the slightest clue about how they work. They know that if they type “Google.com” a website with a search bar appears and they know to press the WiFi button to connect to the internet, but they don’t know how their web-browser manages to find Google’s servers and they don’t know how WiFi authenticates or encrypts their communications.
They know what happens, they just don’t know HOW it happens.
When you see a guy pull a bunny from a hat, you know what happened, but you don’t know how he did it.This ignorance allows for the magician to trick you, which is fine at a magic show, but in the real-world, the trick these hackers-cum-magicians perform have serious consequences. Technology sufficiently advanced is indistinguishable from magic, and for most people ALL the technology they see on a daily basis is ‘sufficiently’ advanced.
The myth of hackers (and how they’re assholes)
And now we loop back to where we started.Tech-illiteracy makes it impossible for people to differentiate attacks, and to them all hacks are the same. This muddies the water between trivial attacks and serious ones and forces the general public to treat childish vandalism like as though they were acts of terrorism, because a hack is a hack and they don’t know the difference.
None of this is recent, or exclusively Malaysian. Kevin Mitnick, the grand-daddy of hackers, was famously victimised because of what he termed the ‘myth of Mitnick’. A myth was so pervasive, US Federal agents were convinced he could launch a nuclear bomb by whistling into a payphone, none of which was true, or even possible. Judges even denied him his constitutionally guaranteed bail-hearing, something the US Justice system extended to the Oklahoma City Bomber and John Allen, but not to a 20-something year old ‘hacker’, whose only real crime up to that point was stealing source code for a now obsolete Operating system. The best example of this ‘myth’ is when FBI agents would famously turn over their badges before meeting Mitnick, because they were afraid that if he found out their name, he could somehow ‘hack’ them. These were bad-ass FBI agents afraid of a hacker, who they already had in custody, and the reason of their fear was ignorance. To the tech-illiterate agents, Mitnick was like the dark-lord Voldermort, you don’t mention this name and you certainly don’t give him yours. Again, it’s all like magic if you don’t know how he did it.
Hackers, aren’t exactly innocent either. There’s a entire computer security industry that feeds on publicity, and some hackers just takes things a bit too far. Like Chris Roberts who got on an airplane and tweeted how he could hack into the aviaonics from the entertainment system–now, even if you could make a bomb, you don’t tweet the word bomb from inside an aircraft, that’s just a dick move to make. But if you’re looking for publicity that’s the quickest way to get it.
Recently we had hackers demonstrate how they could take control of a vehicle from over the internet–while the vehicle was on the road!! Again, a slightly dick move, because peoples lives were put in danger when you suddenly take control of someone’s vehicle. The same point could be made by having a controlled demonstrating in a parking lot, but that wouldn’t be anywhere near as exciting.
So when you put some jack-ass moves from hackers and a tech-illiterate society together, and then you sprinkle that with really nasty cyber-criminals and government snoops, is it any wonder you have a society that is completely freaked out all the damn time?
*The media doesn’t help either, when hackers are potrayed in the movies, or series, they’re usually like supermen that can break into every single system there is. Hackers on tv, are usually just a fix for some lazy story-writing as the hacker can do anything, but the reality is that most hackers hone their skills in a specific field or protocol, the car hackers don’t hack airplanes, and the airplane hackers doesn’t go after IIS websites.
The downside of Tech-illiteracy
I think we’ve come to a point where being tech-illiterate is no longer acceptable. If you didn’t know maths, you’re a cripple in this society, and if you didn’t know English, you will never be hired by an MNC. But what are the implications of being tech-illiterate? 20-30 years ago, those implications were miniscule, today they’re enormous, tech-illiteracy will limit your career growth and in most cases interfere with your ability to function in society.
Living in society today, requires a Facebook page, e-mail, online banking account, credit card, etc etc. Without these things you couldn’t apply for a job, or you’d be the only person in your social click that wasn’t invited to a wedding, as much as we like to reminisce about the good ol’ days, the modern world is here, and you’re either in it , or not. But with all that ubiquitous technology, there comes a responsibility, and most people aren’t savvy enough to appreciate all the nuances of technology to use them wisely and securely.
Hence, we have a paradox, people are using more technology, but understanding it less. So when some guy parades in and demonstrates that he’s able to take control of a car while you’re driving it, your fear-meter just shoots through the roof, it’s like Darth Vader announcing he’d be destroying your planet next–not much you can do about it unless you happen to have ‘The Force’ with you. That feeling powerlessness is purely a factor of ignorance, and I guarantee you that if you took the time to understand how the technology works, and how the hackers broke through it, you’d come away not just more educated, but far less fearful.
Technology in many respects is like anti-magic, because magic loses its appeal the moment you know the secret of the illusion, but technology and engineering only gets more appealing the more you know about it. The deeper you go, the more interesting it gets–trust me!
So what can we do?
I strongly believe that we should start teaching coding in schools, make python a mandatory subject for primary school students. Coding is important because it teaches children how to think, but more importantly, teaching coding in schools will unveil the ‘magic’ of technology to young minds, and wouldn’t that be exciting?